Re: Openssh + Solaris 9 and authentication
- From: Benjamin Donnachie <benjamin@xxxxxxxxxxxxx>
- Date: Thu, 02 Nov 2006 11:22:37 +0000
Gladstone, Gary wrote:
We were locking a group of users off a Solaris 9 box by do a
"passwd -l <user>". The users were unable to ssh into the box after
doing this either using their password of if they had an authorized_keys
I'm not sure why ssh failed; I use a similar "trick" on my system to
ensure that admin users can only log in using authorized_keys and not
However, users were still able to scp files onto the box if they had an
authorized_keys file. Is there a way to prevent this other than removing
the users authorized_keys files?
No as authorized_keys bypasses password authentication and hence being
locked out by passwd. What version of SSH are you using? It might be
an option to add these users to a particular group and disable public
key authentication for them. Or perhaps use some PAM restriction?